Error: "Symantec AntiVirus could not collect all the log data from the selected computer(s) . . ." when viewing client logs in Symantec System Center

Article:TECH100274  |  Created: 2003-01-20  |  Updated: 2010-08-13  |  Article URL http://www.symantec.com/docs/TECH100274
Article Type
Technical Solution

Product(s)

Environment

Issue



In Symantec System Center, you try to view logs for managed clients. You see the error message "Error: Symantec AntiVirus could not collect all the log data from the selected computer(s). Please verify that Symantec AntiVirus is running on these computers." The affected clients are turned on and connected to the network.

 


Solution



This problem has more than one cause, so more than one solution is provided. To fix the problem, try each of the following solutions in the order that they appear.

Confirm network communication
Make sure that the clients and the parent server can communicate.

To confirm network communication

  1. On the parent server, open a command prompt and ping the client by computer name.
    For example, type ping <client1>
    where <client1> is the computer name of the client.
    The command should return the client's correct IP address.
  2. On the parent server, open a command prompt and use the ping -a command with the client's IP address.
    For example, type ping -a 192.168.0.1
    where 192.168.0.1 is the client's IP address.
    The command should return the client's correct fully qualified domain name.
  3. On the client, open a command prompt and ping the parent server by computer name.
    For example, type ping <server1>
    where <server1> is the computer name of the parent server.
    The command should return the parent server's correct IP address.
  4. On the client , open a command prompt and use the ping -a command with the parent server's IP address.
    For example, type ping -a 192.168.0.2
    where 192.168.0.2 is the parent server's IP address.
    The command should return the parent server's correct fully qualified domain name.


If network communication fails, fix any problems on your network that are related to DNS or name resolution before you try the other solutions in this document.


Confirm the presence of the server group root certificate
Communication fails if the server group root certificate is not present on Symantec AntiVirus 10.x servers, managed clients, and the computer that runs Symantec System Center. Legacy clients and servers do not need a copy of the root certificate.

To confirm the presence of the certificate on parent servers and computers that run Symantec System Center

  1. Start Windows Explorer.
  2. Open the Symantec AntiVirus program folder.
    The default location on a Symantec AntiVirus Corporate Edition server is the following:
    <OS drive>:\Program Files\SAV

           The default location on a Symantec Client Security server is the following:    

    <OS drive>:\Program Files\SAV\Symantec AntiVirus

   3. Open the pki\roots folder and find the xxx.x.servergroupca.cer file.

   4.If the xxx.x.servergroupca.cer file is not present, do one of the following:

  • Copy the file from another parent server and restart the Symantec AntiVirus service.
  • Restore a backup copy of the pki folder and restart the Symantec AntiVirus service.

For directions, see the "Restore communication with a backup copy of the pki folder" section of the document Steps to minimize recovery time in the event of a server failure.


To confirm the presence of the certificate on managed clients

  1. Start Windows Explorer.
  2. Go to the Symantec AntiVirus program folder.
    The default location is the following:
    <OS Drive>\Program Files\Symantec Client Security\Symantec AntiVirus.
  3. Open the pki\roots folder and find the xxx.x.servergroupca.cer file.
  4. Make sure that the file matches the xxx.x.servergroupca.cer file on the client's parent server.
  5. If the xxx.x.servergroupca.cer file is not present, copy the file from the pki\roots folder on the parent server.



Confirm that Symantec AntiVirus works correctly on the clients
Confirm that the Symantec AntiVirus service is started on the clients. Start Symantec AntiVirus, and make sure that the correct parent server name appears under General Information.


Confirm that Symantec AntiVirus works correctly on the parent server
On the parent server, confirm that the Symantec AntiVirus service is started and that the correct ports are open.

To confirm that the correct ports are open on the parent server

  1. At a command prompt, type netstat -a
  2. Do one of the following:
    • On a Symantec AntiVirus 10.x server, confirm that TCP port 2967 appears and that the port's status is LISTENING
    • On a Symantec AntiVirus 10.x server that manages legacy clients, confirm that UDP port 2967 appears and that the port's status is LISTENING
    • On a Symantec AntiVirus 9.x or earlier server, confirm that UDP port 2967 appears and that the port's status is LISTENING
  3. If the correct ports are not open, restart the Symantec AntiVirus service.


If the problem persists, try the solutions in the "Configure or disable the Windows Firewall" section or the "Confirm that the correct ports are open on firewalls and routers" section of this document:


Configure or disable the Windows Firewall
On Windows 2003/XP computers, confirm that the Windows Firewall is not configured to block communication. Do one of the following:



Confirm that the correct ports are open on firewalls and routers
Make sure that any firewalls and routers allow broadcast and directed UDP communication and that the needed ports are open.
For details, read the document for your version of Symantec AntiVirus:



If the problem persists, try the following workarounds:





References
For information about troubleshooting communication problems, read the document for your product version:




 

 



Legacy ID



2003032010404748


Article URL http://www.symantec.com/docs/TECH100274


Terms of use for this information are found in Legal Notices